Ghost/core/server/permissions
Katharina Irrgang 506a0c3e9e 🔥 Removed certain fields from public user response (#9069)
no issue 

* Comment current state of toJSON for user model

- currently the user model does not return the email if the context is app/external/public OR if there is no context object at all
- I am not 100% sure why if there is no context we should not return the email address
- I think no context means internal access
- maybe change this condition cc @ErisDS

* Extend our access rules plugin

- we already have an instance method to determine which context is used
- this relies on passing options into `.forge` - but we almost never pass the context into the forge call
  - added @TODO
- provide another static method to determine the context based on the options object passed from outside

* Use the new static function for existing code

* Add comment where the external context is used

* Remove certain fields from a public request (User model only)

* Tests: support `checkResponse` for a public request

- start with an optional option pattern
- I would love to get rid of checkResponse('user', null, null, null)
- still support old style for now
- a resource can define the default response fields and public response fields

* Tests: adapt public api test

* Tests: adapt api user test

- use new option pattern for `checkResponse`
- eww null, null, null, null....

* Revert the usage of the access rules plugin
2017-09-28 14:00:52 +01:00
..
effective.js Permissions: code cleanup & basic unit tests (#9037) 2017-09-25 11:17:06 +02:00
index.js Support for attribute-based permissions (#9025) 2017-09-26 18:06:14 +02:00
parse-context.js 🔥 Removed certain fields from public user response (#9069) 2017-09-28 14:00:52 +01:00
public.js Permissions: code cleanup & basic unit tests (#9037) 2017-09-25 11:17:06 +02:00